FriendsExploit/Shell-Backdoor — reverse-engineered prompt

Reverse engineered prompt

I found a tiny PHP repo with a few files that look really suspicious, and I want you to treat it like a possible web shell or backdoor sample.

Please open the PHP files, figure out what each one is doing, and tell me in plain English if they give remote access, run commands, hide activity, upload files, or do anything else dangerous. If the code is obfuscated, decode it enough to explain the behavior. Then make me a cleaned up safe version of the project that does not include any malicious behavior, or if that makes more sense, turn it into a harmless demo for security education that only shows how the detection works without actually enabling abuse.

Also add a short writeup with indicators of compromise, risky functions used, and simple steps someone could take to detect and remove this kind of file from a PHP website. Look up current PHP docs online if you need to.

Want more depth? Deep Reverse